PHP
  Home arrow PHP arrow Page 9 - Building an E-Commerce Site Part 2: Ma...
Dev Shed Forums 
Administration  
AJAX  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Sun Developer Network 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Mobile Linux 
App Generation ROI 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
PHP

Building an E-Commerce Site Part 2: Managing Users with Sessions
By: Ying Zhang
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 5 stars5 stars5 stars5 stars5 stars / 30
    2000-05-16

    Table of Contents:
  • Building an E-Commerce Site Part 2: Managing Users with Sessions
  • Assumptions and Requirements
  • Primer on Sessions
  • User Management and Privileges
  • Step 1: Creating the Users Table
  • Step 2: Extracting the New Scripts
  • Step 3: General Script Changes from Tutorial 1
  • Step 5: User Scripts
  • Step 6: A Note on Security
  • Step 7: Putting It All Together
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    ADVERTISEMENT

    Building an E-Commerce Site Part 2: Managing Users with Sessions - Step 6: A Note on Security
    (Page 9 of 10 )

    So you may be thinking, "how secure is all this"? That's a good question. There are many places where security can be compromised here, you have to ask yourself:

    • How much do you trust PHP4's session management functions to be immune to people trying to hijack other sessions -- after all there is just one PHPSESSID variable that separates you from everyone else using the system (oooh, scarey thought). How unique is that PHPSESSID anyway?
    • Assuming PHP4's session management functions are bulletproof, how much do you trust the my login routines, and my privilege / access checking routines?
    • How safe is your database? Can someone connect remotely and diddle with your tables and read or alter data without you knowing? (NOTE: Never ever ever ever ever ever ever ever store credit card information in your database. You don't need it there, you don't want the liability!)
    • How safe are your scripts? Can someone change them without you knowing? How safe is your ISP? When was the last time you verified all the permissions on your files so that no one else can read/edit them?

    Anyhow, my point is that what we are developing here should NOT be used in a production environment without you understanding all the risks involved. I've just presented a few to get your mind thinking about security risks.

    Next: Step 7: Putting It All Together >>
     

    More PHP Articles
    More By Ying Zhang


     
    >>> Be the FIRST to comment on this article!

       

    PHP ARTICLES

    - Authentication Scripts for a User Management...
    - Utilizing the Use Keyword for Namespaces in ...
    - Building a User Management Application
    - Working With Different Namespaces in PHP 5
    - User Management Explained: Overview
    - Using Namespaces in PHP 5
    - Database Security: Guarding Against SQL Inje...
    - Building a Modular Exception Class in PHP 5
    - Database and Password Security for Web Appli...
    - Handling MySQL Data Set Failures in PHP 5
    - Building Site Registration for Web Applicati...
    - Intercepting Customized Exceptions in PHP 5
    - Securing Your Web Application Against Attacks
    - Sub Classing Exceptions in PHP 5
    - Authentication for Web Application Security
    Find More PHP Articles




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 5 hosted by Hostway
    Stay green...Green IT